CVE-2025-52898 (GCVE-0-2025-52898)
Vulnerability from cvelistv5 – Published: 2025-06-30 17:19 – Updated: 2025-06-30 18:01
VLAI?
Summary
Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T18:01:08.276711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T18:01:16.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "frappe",
"vendor": "frappe",
"versions": [
{
"status": "affected",
"version": "\u003c 15.58.0"
},
{
"status": "affected",
"version": "\u003c 14.94.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user\u0027s password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T17:19:31.543Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j"
},
{
"name": "https://github.com/frappe/frappe/pull/31522",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frappe/frappe/pull/31522"
},
{
"name": "https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2"
},
{
"name": "https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66"
}
],
"source": {
"advisory": "GHSA-p284-r7rh-wq7j",
"discovery": "UNKNOWN"
},
"title": "Frappe account takeover via password reset token leakage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52898",
"datePublished": "2025-06-30T17:19:31.543Z",
"dateReserved": "2025-06-20T17:42:25.710Z",
"dateUpdated": "2025-06-30T18:01:16.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-52898\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-30T18:15:25.773\",\"lastModified\":\"2025-07-08T14:43:50.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user\u0027s password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users.\"},{\"lang\":\"es\",\"value\":\"Frappe es un framework de aplicaciones web integral. Antes de las versiones 14.94.3 y 15.58.0, una solicitud cuidadosamente manipulada pod\u00eda permitir que un atacante malicioso accediera al token de restablecimiento de contrase\u00f1a de un usuario. Esto solo se puede explotar en instancias alojadas en servidores propios con una configuraci\u00f3n espec\u00edfica. Los usuarios de Frappe Cloud est\u00e1n seguros. Este problema se ha corregido en las versiones 14.94.3 y 15.58.0. Las soluciones alternativas incluyen verificar las URL de restablecimiento de contrase\u00f1a antes de acceder a ellas o actualizar la versi\u00f3n para usuarios alojados en servidores propios.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.94.3\",\"matchCriteriaId\":\"C1A94A0B-B5E4-4F08-8817-7BC2C61922AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frappe:frappe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.58.0\",\"matchCriteriaId\":\"AD95653C-461E-44CD-A6D6-918E52A0A895\"}]}]}],\"references\":[{\"url\":\"https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/frappe/frappe/pull/31522\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52898\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-30T18:01:08.276711Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-30T18:01:10.878Z\"}}], \"cna\": {\"title\": \"Frappe account takeover via password reset token leakage\", \"source\": {\"advisory\": \"GHSA-p284-r7rh-wq7j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"frappe\", \"product\": \"frappe\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 15.58.0\"}, {\"status\": \"affected\", \"version\": \"\u003c 14.94.3\"}]}], \"references\": [{\"url\": \"https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j\", \"name\": \"https://github.com/frappe/frappe/security/advisories/GHSA-p284-r7rh-wq7j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/frappe/frappe/pull/31522\", \"name\": \"https://github.com/frappe/frappe/pull/31522\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2\", \"name\": \"https://github.com/frappe/frappe/commit/52e31337a6c964189c8b883a2f7bc3a28ab374f2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66\", \"name\": \"https://github.com/frappe/frappe/commit/5b4849b1ab5fd796b306312745b4e202b0e90d66\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user\u0027s password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-30T17:19:31.543Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-52898\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-30T18:01:16.717Z\", \"dateReserved\": \"2025-06-20T17:42:25.710Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-30T17:19:31.543Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…